author: security tracker role <sectracker@soriano.debian.org> 2018-06-13 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2018-06-13 20:10:22 +0000
commit: a97047cd0bf91e873aa46dbfa799ce3c3cad9843
tree: 34500bdd4f03999685d660e987529153c3477113 /data
parent: 0cc91f350288afed9afa59f0ca1abc5a716d74a5
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 256
1 files changed, 198 insertions, 58 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 5a8e291b53..d8a9a87818 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,13 +1,155 @@
-CVE-2018-12267
+CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an &quot;add an article&quot; action. ...)
+ TODO: check
+CVE-2018-12338
+ RESERVED
+CVE-2018-12337
+ RESERVED
+CVE-2018-12336
+ RESERVED
+CVE-2018-12335
+ RESERVED
+CVE-2018-12334
+ RESERVED
+CVE-2018-12333
+ RESERVED
+CVE-2018-12332
+ RESERVED
+CVE-2018-12331
+ RESERVED
+CVE-2018-12330
+ RESERVED
+CVE-2018-12329
+ RESERVED
+CVE-2018-12328
+ RESERVED
+CVE-2018-12327
+ RESERVED
+CVE-2018-12326
+ RESERVED
+CVE-2018-12325
+ RESERVED
+CVE-2018-12324
+ RESERVED
+CVE-2018-12323 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password ...)
+ TODO: check
+CVE-2018-12322 (There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in ...)
+ TODO: check
+CVE-2018-12321 (There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() ...)
+ TODO: check
+CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() in ...)
+ TODO: check
+CVE-2018-12319
+ RESERVED
+CVE-2018-12318
+ RESERVED
+CVE-2018-12317
+ RESERVED
+CVE-2018-12316
+ RESERVED
+CVE-2018-12315
+ RESERVED
+CVE-2018-12314
+ RESERVED
+CVE-2018-12313
+ RESERVED
+CVE-2018-12312
+ RESERVED
+CVE-2018-12311
+ RESERVED
+CVE-2018-12310
+ RESERVED
+CVE-2018-12309
+ RESERVED
+CVE-2018-12308
+ RESERVED
+CVE-2018-12307
+ RESERVED
+CVE-2018-12306
+ RESERVED
+CVE-2018-12305
+ RESERVED
+CVE-2018-12304
+ RESERVED
+CVE-2018-12303
+ RESERVED
+CVE-2018-12302
+ RESERVED
+CVE-2018-12301
+ RESERVED
+CVE-2018-12300
+ RESERVED
+CVE-2018-12299
+ RESERVED
+CVE-2018-12298
+ RESERVED
+CVE-2018-12297
+ RESERVED
+CVE-2018-12296
+ RESERVED
+CVE-2018-12295
+ RESERVED
+CVE-2018-12294
+ RESERVED
+CVE-2018-12293
+ RESERVED
+CVE-2018-12292 (A use-after-free vulnerability exists in ...)
+ TODO: check
+CVE-2018-12290 (The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. ...)
+ TODO: check
+CVE-2018-12289
+ RESERVED
+CVE-2018-12288
+ RESERVED
+CVE-2018-12287
+ RESERVED
+CVE-2018-12286
+ RESERVED
+CVE-2018-12285
+ RESERVED
+CVE-2018-12284
+ RESERVED
+CVE-2018-12283
+ RESERVED
+CVE-2018-12282
+ RESERVED
+CVE-2018-12281
+ RESERVED
+CVE-2018-12280
+ RESERVED
+CVE-2018-12279
+ RESERVED
+CVE-2018-12278
RESERVED
-CVE-2018-12266
+CVE-2018-12277
RESERVED
-CVE-2018-12265
+CVE-2018-12276
RESERVED
-CVE-2018-12264
+CVE-2018-12275
RESERVED
-CVE-2018-12263
+CVE-2018-12274
RESERVED
+CVE-2018-12273 (The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad ...)
+ TODO: check
+CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter. ...)
+ TODO: check
+CVE-2018-12271
+ RESERVED
+CVE-2018-12270
+ RESERVED
+CVE-2018-12269
+ RESERVED
+CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via shell ...)
+ TODO: check
+CVE-2018-12267
+ RESERVED
+CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that ...)
+ TODO: check
+CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in ...)
+ TODO: check
+CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in ...)
+ TODO: check
+CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via the ...)
+ TODO: check
CVE-2018-12262
RESERVED
CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All ...)
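Review bot: The three radare2 2.6.0 entries in this hunk (CVE-2018-12320, CVE-2018-12321, CVE-2018-12322) go in as bare "TODO: check" even though this file already tracks radare2 as a package: CVE-2018-11384 further down carries "- radare2 <unfixed> (low)". Once the affected versions are confirmed they should get a radare2 package line with per-release status, rather than staying in the generic TODO pool alongside the CMS and device entries.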
@@ -382,7 +524,7 @@ CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in
TODO: check
CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View ...)
NOT-FOR-US: Octopus Deploy
-CVE-2018-12291 [bug in the get_missing_events federation API where event visibility rules were not applied correctly]
+CVE-2018-12291 (The on_get_missing_events function in handlers/federation.py in Matrix ...)
- matrix-synapse 0.31.1+dfsg-1 (bug #901293)
NOTE: https://github.com/matrix-org/synapse/pull/3371
NOTE: https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
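Review bot: CVE-2018-12291 stays where it was, directly after CVE-2018-12089, so it is out of the descending numeric order the rest of the list follows, and the new block at the top of the file jumps from CVE-2018-12292 straight to CVE-2018-12290. Move the entry, together with its matrix-synapse line and both NOTE lines, into that gap so it sits where a reader scanning by number expects it.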
@@ -1006,8 +1148,7 @@ CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-11807
RESERVED
-CVE-2018-11806 [slirp: heap buffer overflow while reassembling fragmented datagrams]
- RESERVED
+CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via ...)
- qemu <unfixed> (bug #901017)
[stretch] - qemu <postponed> (Minor issue, wait until more severe issues are around)
[jessie] - qemu <postponed> (Minor issue, wait until more severe issues are around)
@@ -1359,8 +1500,8 @@ CVE-2018-11690
RESERVED
CVE-2018-11689
RESERVED
-CVE-2018-11688
- RESERVED
+CVE-2018-11688 (Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, ...)
+ TODO: check
CVE-2018-11687
RESERVED
CVE-2018-11686
@@ -2051,12 +2192,12 @@ CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. A invalid free in the
NOTE: https://github.com/liblouis/liblouis/issues/573
CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending ...)
NOT-FOR-US: Splunk
-CVE-2018-11408
- RESERVED
-CVE-2018-11407
- RESERVED
-CVE-2018-11406
- RESERVED
+CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x ...)
+ TODO: check
+CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x before ...)
+ TODO: check
+CVE-2018-11406 (An issue was discovered in the Security component in Symfony 2.7.x ...)
+ TODO: check
CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
NOT-FOR-US: Kliqqi
CVE-2018-11404 (DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php ...)
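Review bot: CVE-2018-11408, CVE-2018-11407 and CVE-2018-11406 are all Symfony issues left at "TODO: check" with no package line. Triage them in one pass together with the other Symfony entries this commit fills in (CVE-2018-11386, CVE-2018-11385, CVE-2017-16652), because the descriptions give per-branch version ranges (2.7.x, 2.8.x) that have to be compared against each release separately.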
@@ -2097,10 +2238,10 @@ CVE-2018-11388
RESERVED
CVE-2018-11387
RESERVED
-CVE-2018-11386
- RESERVED
-CVE-2018-11385
- RESERVED
+CVE-2018-11386 (An issue was discovered in the HttpFoundation component in Symfony ...)
+ TODO: check
+CVE-2018-11385 (An issue was discovered in the Security component in Symfony 2.7.x ...)
+ TODO: check
CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...)
- radare2 <unfixed> (low)
[stretch] - radare2 <no-dsa> (Minor issue)
@@ -4703,8 +4844,8 @@ CVE-2018-10365 (An XSS issue was discovered in the Threads to Link plugin 1.3 fo
NOT-FOR-US: Threads to Link plugin for MyBB
CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via the name ...)
NOT-FOR-US: BigTree CMS
-CVE-2018-10363
- RESERVED
+CVE-2018-10363 (An issue was discovered in the WpDevArt &quot;Booking calendar, Appointment ...)
+ TODO: check
CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 5.33 ...)
- file 1:5.33-3 (bug #901351)
[stretch] - file <no-dsa> (Minor issue; will be fixed via pu)
@@ -11770,8 +11911,8 @@ CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
NOT-FOR-US: Tenda AC9 devices
CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
NOT-FOR-US: aws-lambda-multipart-parser NPM package
-CVE-2018-7559
- RESERVED
+CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample Code ...)
+ TODO: check
CVE-2018-7558
RESERVED
CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
@@ -13234,20 +13375,20 @@ CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils
NOTE: https://github.com/shadow-maint/shadow/pull/97
CVE-2018-7168
RESERVED
-CVE-2018-7167
- RESERVED
+CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...)
+ TODO: check
CVE-2018-7166
RESERVED
CVE-2018-7165
RESERVED
-CVE-2018-7164
- RESERVED
+CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the ...)
+ TODO: check
CVE-2018-7163
RESERVED
-CVE-2018-7162
- RESERVED
-CVE-2018-7161
- RESERVED
+CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the severity ...)
+ TODO: check
+CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the ...)
+ TODO: check
CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS ...)
- nodejs <unfixed> (unimportant)
[stretch] - nodejs <not-affected> (Vulnerable code not present)
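Review bot: CVE-2018-7164, CVE-2018-7162 and CVE-2018-7161 name Node.js in their descriptions, and CVE-2018-7167 concerns Buffer.fill() and Buffer.alloc(), yet all four are added with only "TODO: check" while CVE-2018-7160 in the trailing context already has "- nodejs <unfixed> (unimportant)" and a per-release line. Each of the four needs its own nodejs line with per-release status, since the descriptions name different affected branches (8.x, 9.x, 10.x, and 9.7.0 and later).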
@@ -18443,12 +18584,12 @@ CVE-2018-5436
RESERVED
CVE-2018-5435
RESERVED
-CVE-2018-5434
- RESERVED
-CVE-2018-5433
- RESERVED
-CVE-2018-5432
- RESERVED
+CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime ...)
+ TODO: check
+CVE-2018-5433 (The TIBCO Administrator server component of TIBCO Software Inc.'s ...)
+ TODO: check
+CVE-2018-5432 (The TIBCO Administrator server component of of TIBCO Software Inc.'s ...)
+ TODO: check
CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO ...)
- jasperreports <unfixed>
[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
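Review bot: The three new TIBCO entries (CVE-2018-5434, CVE-2018-5433, CVE-2018-5432) should not be closed as NOT-FOR-US by default, because CVE-2018-5431 in the trailing context is also a TIBCO component and is tracked against jasperreports. Check whether the Designer and Administrator server components named here map to that source package before resolving the TODO.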
@@ -19042,8 +19183,8 @@ CVE-2018-5245
RESERVED
CVE-2018-5243
RESERVED
-CVE-2018-5242
- RESERVED
+CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a ...)
+ TODO: check
CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, ...)
NOT-FOR-US: Symantec
CVE-2018-5240
@@ -22764,8 +22905,8 @@ CVE-2018-3761
RESERVED
CVE-2018-3760
RESERVED
-CVE-2018-3759
- RESERVED
+CVE-2018-3759 (private_address_check ruby gem before 0.5.0 is vulnerable to a ...)
+ TODO: check
CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 ...)
NOT-FOR-US: express-cart
CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped ...)
@@ -28741,8 +28882,8 @@ CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize
NOT-FOR-US: IBM
CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is ...)
NOT-FOR-US: IBM InfoSphere Information Server
-CVE-2018-1431
- RESERVED
+CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, ...)
+ TODO: check
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site ...)
NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to ...)
@@ -28817,8 +28958,8 @@ CVE-2018-1395
RESERVED
CVE-2018-1394
RESERVED
-CVE-2018-1393
- RESERVED
+CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
+ TODO: check
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
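Review bot: CVE-2018-1393 is added as "TODO: check" but names the same product as its neighbours CVE-2018-1392 and CVE-2018-1391, which are both marked "NOT-FOR-US: IBM Financial Transaction Manager". Unless the full description says otherwise, resolve it with the same NOT-FOR-US line so the three entries stay consistent.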
@@ -30044,8 +30185,8 @@ CVE-2017-17445
RESERVED
CVE-2017-17444
RESERVED
-CVE-2017-17443
- RESERVED
+CVE-2017-17443 (OPC Foundation Local Discovery Server (LDS) 1.03.370 required a ...)
+ TODO: check
CVE-2017-17442 (In BlackBerry UEM Management Console version 12.7.1 and earlier, a ...)
NOT-FOR-US: BlackBerry
CVE-2017-17441
@@ -35119,8 +35260,8 @@ CVE-2017-16654
RESERVED
CVE-2017-16653
RESERVED
-CVE-2017-16652
- RESERVED
+CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...)
+ TODO: check
CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...)
{DSA-4030-1 DLA-1193-1}
- roundcube 1.3.3+dfsg.1-1
@@ -37910,8 +38051,7 @@ CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...
NOT-FOR-US: Apache NiFi
CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure ...)
NOT-FOR-US: Apache Geode
-CVE-2017-15695
- RESERVED
+CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with ...)
NOT-FOR-US: Apache Geode
CVE-2017-15694
RESERVED
@@ -50030,8 +50170,8 @@ CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a de
NOT-FOR-US: Acunetix
CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Acunetix
-CVE-2017-11672
- RESERVED
+CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ...)
+ TODO: check
CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386.c ...)
- gcc-6 6.3.0-12
- gcc-5 5.4.1-10
@@ -57540,7 +57680,7 @@ CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 u
- juju <removed>
CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x ...)
NOT-FOR-US: Citrix
-CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
+CVE-2017-9230 (** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a ...)
NOT-FOR-US: Bitcoin Proof-of-Work algorithm
CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
{DLA-958-1}
@@ -76422,7 +76562,7 @@ CVE-2017-3210
RESERVED
CVE-2017-3209
RESERVED
-CVE-2017-3208 (The Java implementation of AMF3 deserializers used by Flamingo ...)
+CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
TODO: check
CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by ...)
TODO: check
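Review bot: The replacement description for CVE-2017-3208 now leads with WebORB for Java where it previously led with Flamingo, which makes its visible prefix nearly the same as CVE-2017-3207 below. Both are still "TODO: check", so triage from the full upstream text rather than the truncated line, since the list of affected products decides whether any packaged library is involved.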
@@ -205253,8 +205393,8 @@ CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iP
NOT-FOR-US: ActiveX
CVE-2011-4184
RESERVED
-CVE-2011-4183
- RESERVED
+CVE-2011-4183 (A vulnerability in open build service allows remote attackers to ...)
+ TODO: check
CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...)
TODO: check
CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain ...)
